Replace pidfd_getfd with Unix domain socket for FD passing

Copilot · clauspruefer · Copilot · commit 3a71b20fdf4c · 2025-10-02T14:06:39.000Z
Co-authored-by: clauspruefer &lt;17313789+clauspruefer@users.noreply.github.com&gt;
diff --git a/src/ASProcessHandler.cpp b/src/ASProcessHandler.cpp
@@ -119,14 +119,11 @@ void ASProcessHandler::forkProcessASHandler(ASProcessHandlerSHMPointer_t SHMAdre
                     ERR("Cannot change dir to BackendRootPath Path:" << BackendRootPath.c_str());
                 }
 
-                //- get parent pid filedescriptor
-                pidfd_t ParentPidFD = Syscall::pidfd_open(getppid(), 0);
-
                 const char* Env1 = std::getenv("PATH");
                 const char* Env2 = std::getenv("PYTHONPATH");
 
                 DBG(120, "Process PATH:" << Env1 << " PYTHONPATH:" << Env2);
-                DBG(200, "Child ASProcessHandler Process PID:" << getpid() << " ParentPidFD:" << ParentPidFD);
+                DBG(200, "Child ASProcessHandler Process PID:" << getpid());
 
                 //- initialize backend
                 Backend::Processor::init(this);
diff --git a/src/Global.hpp b/src/Global.hpp
@@ -3,12 +3,15 @@
 
 #include <csignal>
 #include <string>
+#include <cstring>
 #include <unordered_map>
 #include <vector>
 #include <exception>
 #include <cstdlib>
 
 #include <sys/syscall.h>
+#include <sys/socket.h>
+#include <sys/un.h>
 #include <unistd.h>
 #include <execinfo.h>
 
@@ -19,7 +22,6 @@ using namespace std;
 
 
 typedef unsigned int Filedescriptor_t;
-typedef unsigned int pidfd_t;
 
 typedef uint16_t HTTPVersionType_t;
 typedef uint16_t HTTPMethodType_t;
@@ -67,16 +69,118 @@ class Syscall {
 
 public:
 
-    //- wrapper function for pidfd_open
-    static int pidfd_open(pid_t pid, unsigned int flags)
+    //- Unix domain socket for FD passing - server side (parent process)
+    static int createFDPassingServer(const char* socket_path)
     {
-        return syscall(SYS_pidfd_open, pid, flags);
+        int server_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (server_fd < 0) {
+            return -1;
+        }
+
+        // Remove any existing socket file
+        unlink(socket_path);
+
+        struct sockaddr_un server_addr;
+        memset(&server_addr, 0, sizeof(server_addr));
+        server_addr.sun_family = AF_UNIX;
+        strncpy(server_addr.sun_path, socket_path, sizeof(server_addr.sun_path) - 1);
+
+        if (bind(server_fd, (struct sockaddr*)&server_addr, sizeof(server_addr)) < 0) {
+            close(server_fd);
+            return -1;
+        }
+
+        if (listen(server_fd, 50) < 0) {
+            close(server_fd);
+            return -1;
+        }
+
+        return server_fd;
     }
 
-    //- wrapper function for pidfd_getfd
-    static int pidfd_getfd(int pidfd, int targetfd, unsigned int flags)
+    //- Unix domain socket for FD passing - client side (child process)
+    static int connectFDPassingClient(const char* socket_path)
     {
-        return syscall(SYS_pidfd_getfd, pidfd, targetfd, flags);
+        int client_fd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (client_fd < 0) {
+            return -1;
+        }
+
+        struct sockaddr_un server_addr;
+        memset(&server_addr, 0, sizeof(server_addr));
+        server_addr.sun_family = AF_UNIX;
+        strncpy(server_addr.sun_path, socket_path, sizeof(server_addr.sun_path) - 1);
+
+        if (connect(client_fd, (struct sockaddr*)&server_addr, sizeof(server_addr)) < 0) {
+            close(client_fd);
+            return -1;
+        }
+
+        return client_fd;
+    }
+
+    //- Send a file descriptor over Unix domain socket
+    static int sendFD(int socket_fd, int fd_to_send)
+    {
+        struct msghdr msg;
+        struct iovec iov[1];
+        char ctrl_buf[CMSG_SPACE(sizeof(int))];
+        char data[1] = {0};
+
+        memset(&msg, 0, sizeof(msg));
+        memset(ctrl_buf, 0, sizeof(ctrl_buf));
+
+        // Setup iovec for dummy data
+        iov[0].iov_base = data;
+        iov[0].iov_len = sizeof(data);
+
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = ctrl_buf;
+        msg.msg_controllen = sizeof(ctrl_buf);
+
+        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+        cmsg->cmsg_level = SOL_SOCKET;
+        cmsg->cmsg_type = SCM_RIGHTS;
+        cmsg->cmsg_len = CMSG_LEN(sizeof(int));
+        *((int*)CMSG_DATA(cmsg)) = fd_to_send;
+
+        if (sendmsg(socket_fd, &msg, 0) < 0) {
+            return -1;
+        }
+
+        return 0;
+    }
+
+    //- Receive a file descriptor over Unix domain socket
+    static int recvFD(int socket_fd)
+    {
+        struct msghdr msg;
+        struct iovec iov[1];
+        char ctrl_buf[CMSG_SPACE(sizeof(int))];
+        char data[1];
+
+        memset(&msg, 0, sizeof(msg));
+        memset(ctrl_buf, 0, sizeof(ctrl_buf));
+
+        iov[0].iov_base = data;
+        iov[0].iov_len = sizeof(data);
+
+        msg.msg_iov = iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = ctrl_buf;
+        msg.msg_controllen = sizeof(ctrl_buf);
+
+        if (recvmsg(socket_fd, &msg, 0) < 0) {
+            return -1;
+        }
+
+        struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
+        if (cmsg == NULL || cmsg->cmsg_type != SCM_RIGHTS) {
+            return -1;
+        }
+
+        return *((int*)CMSG_DATA(cmsg));
     }
 
 };
diff --git a/src/ResultProcessor.cpp b/src/ResultProcessor.cpp
@@ -29,6 +29,26 @@ void ResultProcessor::terminate(int _ignored)
     RunServer = false;
 }
 
+int ResultProcessor::_getFDFromParent(uint16_t fd)
+{
+    // Send the requested FD number to the parent
+    if (write(_FDPassingSocketFD, &fd, sizeof(fd)) != sizeof(fd)) {
+        ERR("Failed to send FD request to parent");
+        return -1;
+    }
+    
+    // Receive the FD from the parent
+    int received_fd = Syscall::recvFD(_FDPassingSocketFD);
+    
+    if (received_fd < 0) {
+        ERR("Failed to receive FD from parent");
+        return -1;
+    }
+    
+    DBG(120, "Received FD:" << received_fd << " from parent for requested FD:" << fd);
+    return received_fd;
+}
+
 void ResultProcessor::setVHostOffsets(VHostOffsetsPrecalc_t VHostOffsets) {
     _VHostOffsetsPrecalc = VHostOffsets;
 }
@@ -56,16 +76,24 @@ pid_t ResultProcessor::forkProcessResultProcessor(ResultProcessorSHMPointer_t SH
 
     if (_ForkResult == 0) {
 
-        //- get parent pid filedescriptor
-        _ParentPidFD = Syscall::pidfd_open(getppid(), 0);
+        //- connect to parent's FD passing server
+        const char* socket_path = "/tmp/falcon-fd-passing.sock";
+        _FDPassingSocketFD = Syscall::connectFDPassingClient(socket_path);
+        
+        if (_FDPassingSocketFD < 0) {
+            ERR("ResultProcessor: Failed to connect to FD passing server");
+            exit(1);
+        }
+        
+        DBG(120, "ResultProcessor: Connected to FD passing server");
 
         //- overwrite parent termination handler
         setTerminationHandler();
 
         //- spectre userspace protection
         prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0);
 
-        DBG(120, "Child ResultProcessor Process PID:" << getpid() << " ParentPidFD:" << _ParentPidFD);
+        DBG(120, "Child ResultProcessor Process PID:" << getpid() << " FDPassingSocketFD:" << _FDPassingSocketFD);
         DBG(120, "Child ResultProcessor SharedMemAddress:" << SHMAdresses.StaticFSPtr);
         DBG(120, "Child ResultProcessor Atomic Address:" << StaticFSLock << " Value:" << *(StaticFSLock));
 
@@ -151,7 +179,7 @@ void ResultProcessor::_processStaticFSRequests(uint16_t RequestCount)
         getNextAddress(ClientPayloadLength);
         DBG(120, "ClientFD:" << ClientFD << " ReqNr:" << ReqNr << " HTTPVersion:" << HTTPVersion << " PayloadLength:" << ClientPayloadLength << " Payload:'" << ClientPayloadString << "'");
 
-        ClientFD_t ClientFDShared = Syscall::pidfd_getfd(_ParentPidFD, ClientFD, 0);
+        ClientFD_t ClientFDShared = _getFDFromParent(ClientFD);
 
         RequestProps_t Request;
 
@@ -182,7 +210,7 @@ uint16_t ResultProcessor::_processPythonASResults()
                 RequestProps_t Request;
 
                 Request.ClientFD = *(static_cast<ClientFD_t*>(getMetaAddress(Index, 2)));
-                Request.ClientFDShared = Syscall::pidfd_getfd(_ParentPidFD, Request.ClientFD, 0);
+                Request.ClientFDShared = _getFDFromParent(Request.ClientFD);
                 Request.HTTPVersion = *(static_cast<HTTPVersionType_t*>(getMetaAddress(Index, 3)));
                 Request.PayloadLength = *(static_cast<HTTPPayloadLength_t*>(getMetaAddress(Index, 7)));
 
diff --git a/src/ResultProcessor.hpp b/src/ResultProcessor.hpp
@@ -43,9 +43,10 @@ class ResultProcessor : private SHMStaticFS, public CPU, private ResultOrder, pr
     void _processStaticFSRequests(uint16_t);
     inline void _parseHTTPBaseProps(string&);
     uint16_t _processPythonASResults();
+    int _getFDFromParent(uint16_t fd);
 
     pid_t _ForkResult;
-    pidfd_t _ParentPidFD;
+    int _FDPassingSocketFD;
     VHostOffsetsPrecalc_t _VHostOffsetsPrecalc;
 
 };
diff --git a/src/Server.cpp b/src/Server.cpp
@@ -32,6 +32,9 @@ void Server::init()
     setupSharedMemory();
     setSharedMemPointer( { _SHMStaticFS, _SHMPythonASMeta, _SHMPythonASRequests, _SHMPythonASResults } );
 
+    //- setup FD passing server
+    setupFDPassingServer();
+
     //- init static filesystem
     ConfigRef.mapStaticFSData();
 
@@ -248,3 +251,95 @@ void Server::setupSharedMemory()
 
     DBG(120, "SharedMemAddress:" << _SHMStaticFS);
 }
+
+void Server::setupFDPassingServer()
+{
+    DBG(120, "Setup FD Passing Server.");
+    
+    const char* socket_path = "/tmp/falcon-fd-passing.sock";
+    _FDPassingServerFD = Syscall::createFDPassingServer(socket_path);
+    
+    if (_FDPassingServerFD < 0) {
+        ERR("Failed to create FD passing server socket");
+        exit(EXIT_FAILURE);
+    }
+    
+    DBG(120, "FD Passing Server socket created at:" << socket_path);
+    
+    // Start thread to handle FD passing requests
+    _FDPassingThread = std::thread(&Server::handleFDPassingRequests, this);
+}
+
+void Server::handleFDPassingRequests()
+{
+    DBG(120, "FD Passing handler thread started");
+    
+    // Set socket to non-blocking
+    int flags = fcntl(_FDPassingServerFD, F_GETFL, 0);
+    fcntl(_FDPassingServerFD, F_SETFL, flags | O_NONBLOCK);
+    
+    std::vector<int> client_fds;
+    
+    while(RunServer) {
+        // Accept new connections
+        struct sockaddr_un client_addr;
+        socklen_t client_len = sizeof(client_addr);
+        
+        int new_client_fd = accept(_FDPassingServerFD, (struct sockaddr*)&client_addr, &client_len);
+        
+        if (new_client_fd >= 0) {
+            DBG(120, "FD passing new client connected, fd:" << new_client_fd);
+            client_fds.push_back(new_client_fd);
+        }
+        
+        // Process existing connections
+        auto it = client_fds.begin();
+        while (it != client_fds.end()) {
+            int client_fd = *it;
+            uint16_t requested_fd;
+            
+            ssize_t n = read(client_fd, &requested_fd, sizeof(requested_fd));
+            
+            if (n == sizeof(requested_fd)) {
+                DBG(120, "FD passing request for FD:" << requested_fd);
+                
+                // Send the requested FD to the client
+                if (Syscall::sendFD(client_fd, requested_fd) < 0) {
+                    ERR("Failed to send FD:" << requested_fd);
+                    close(client_fd);
+                    it = client_fds.erase(it);
+                } else {
+                    DBG(120, "Successfully sent FD:" << requested_fd);
+                    ++it;
+                }
+            } else if (n == 0) {
+                // Connection closed
+                DBG(120, "FD passing client disconnected, fd:" << client_fd);
+                close(client_fd);
+                it = client_fds.erase(it);
+            } else if (n < 0) {
+                if (errno != EAGAIN && errno != EWOULDBLOCK) {
+                    ERR("Failed to read requested FD number:" << strerror(errno));
+                    close(client_fd);
+                    it = client_fds.erase(it);
+                } else {
+                    ++it;
+                }
+            } else {
+                // Partial read - shouldn't happen with small fixed-size data
+                ERR("Partial read of FD request");
+                close(client_fd);
+                it = client_fds.erase(it);
+            }
+        }
+        
+        std::this_thread::sleep_for(std::chrono::milliseconds(10));
+    }
+    
+    // Clean up
+    for (int fd : client_fds) {
+        close(fd);
+    }
+    
+    DBG(120, "FD Passing handler thread exiting");
+}
diff --git a/src/Server.hpp b/src/Server.hpp
@@ -36,6 +36,8 @@ class Server : private ResultProcessor, private ASProcessHandler, private Client
     static void terminate(int);
 
     void setupSharedMemory();
+    void setupFDPassingServer();
+    void handleFDPassingRequests();
 
     static void addChildPID(pid_t);
     static void terminateChildren();
@@ -57,6 +59,9 @@ class Server : private ResultProcessor, private ASProcessHandler, private Client
     void* _SHMPythonASRequests;
     void* _SHMPythonASResults;
 
+    int _FDPassingServerFD;
+    std::thread _FDPassingThread;
+
     static std::vector<pid_t> ChildPIDs;
 
 };
